updated 05:05 pm EDT, Thu August 4, 2011

Moscow raids help silence MacDefender malware

A sudden halt in MacDefender malware activity from late June on may be the result of Russian police arresting its creator. An investigation by security journalist Brian Krebs noted that Russian police had arrested Pavel Vrublevsky, a notorious fake-antivirus veteran and the founder of the online payment processor ChronoPay, on June 23. Although the arrest was for ordering denial-of-service attacks that flooded rivals with Internet traffic to knock them offline, new variants of MacDefender dried up around the same time.

Smoking-gun evidence emerged in a follow-up raid on ChronoPay's Moscow offices. Police found that the company was providing support for MacDefender as well as for other scam antivirus operations and black-market prescription drug stores. In the past few weeks a number of those fake antivirus operations have either warned partners that payments would abruptly stop or shut down altogether.

These seemingly sudden moves are part of a known worldwide push to shut down fake antivirus operations. Beyond the immediate damage to victims, such operations are often run in coordination with botnets and pose much wider security risks than the individual infections alone.

The crackdowns may have only a temporary effect given how profitable the business is: a modest outlay of $75, as one example, often returns four or five times the investment and requires little effort. Even so, the raids may have shut down MacDefender permanently and could discourage other fake Mac antivirus programs.

ChronoPay offices during the raid, top; evidence of MacDefender link at bottom